ГлавнаяУязвимости → CVE-2021-47720
7.1высокая

CVE-2021-47720

Описание

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information.

Затрагиваемое ПО
Orangescrum Orangescrum
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Источники
https://www.exploit-db.com/exploits/50553https://www.orangescrum.org/https://www.vulncheck.com/advisories/orangescrum-authenticated-sql-injection-via-multiple-parameters